├── .DS_Store ├── README.md ├── h02_advanced_helm └── README.md ├── h01_introduction_to_helm └── README.md ├── k02_advanced_kubernetes ├── README.md ├── M04 │ ├── 4.4 │ │ ├── limits-namespace.yaml │ │ ├── pdb-eviction.json │ │ ├── pdb-example.yaml │ │ ├── hpa-command-cheatsheet.md │ │ ├── limits-invalid-pod.yaml │ │ ├── limits-valid-pod.yaml │ │ ├── pdb-command-cheatsheet.md │ │ ├── hpa-deployment-example.yaml │ │ ├── limits-example.yaml │ │ └── limits-command-cheatsheet.md │ ├── 4.1 │ │ ├── pod-disruption-budget.yaml │ │ ├── service-canary.yaml │ │ ├── single-container-pod-example.yaml │ │ ├── multi-container-pod-example.yaml │ │ ├── replication-controller-example.yaml │ │ ├── replica-set-example.yaml │ │ ├── deployment-example.yaml │ │ ├── job-example-pi.yaml │ │ ├── deployment-canary-stable.yaml │ │ ├── deployment-canary.yaml │ │ ├── cronjob-example.yaml │ │ ├── daemonset-fluentd-example.yaml │ │ ├── statefulset-with-headless-service-example.yaml │ │ ├── writing-a-daemonset-spec.yaml │ │ ├── statefulset_example_cockroachdb_minikube.sh │ │ ├── statefulset-example-zookeeper.yaml │ │ └── statefulset-example-cockroachdb.yaml │ ├── 4.2 │ │ ├── network-example-namespace.yaml │ │ ├── ingress-simple-example.yaml │ │ ├── ingress-multipath-example.yaml │ │ ├── ingress-s1-example.yaml │ │ ├── ingress-s2-example.yaml │ │ ├── external-service-example.yaml │ │ ├── ingress-multihost-example.yaml │ │ ├── ingress-tls-example.yaml │ │ ├── frontend-service-example.yaml │ │ ├── services-commands-cheatsheet.md │ │ ├── ingress-command-cheatsheet.md │ │ └── ingress-tls-secret.yaml │ ├── 4.3 │ │ ├── volume-emptydir-example.yaml │ │ ├── storageclass-azure-example.yaml │ │ ├── configmap-nginx-example.conf │ │ ├── pvc-gce-pd-example.yaml │ │ ├── pvc-aws-ebs-example.yaml │ │ ├── volume-aws-example.yaml │ │ ├── volume-gce-example.yaml │ │ ├── pvc-azure-pd-example.yaml │ │ ├── volume-secret-example.yaml │ │ └── storageclass-aws-ebs-example.yaml │ └── 4.5 │ │ └── network-policy-example.yaml 
├── M06 │ └── 6.3 │ │ ├── solutions │ │ ├── example4-solution.txt │ │ ├── example5-solution.yaml │ │ ├── example7-solutions.yaml │ │ ├── example6-solution.yaml │ │ ├── example8-solution.yaml │ │ └── example3-solution.yaml │ │ ├── example4.yaml │ │ ├── example2.yaml │ │ ├── example1.yaml │ │ ├── example5.yaml │ │ ├── example6.yaml │ │ ├── example7.yaml │ │ ├── example3.yaml │ │ └── example8.yaml ├── M06_advanced_troubleshooting │ ├── solutions │ │ ├── example4-solution.txt │ │ ├── example5-solution.yaml │ │ ├── example7-solutions.yaml │ │ ├── example6-solution.yaml │ │ ├── example8-solution.yaml │ │ └── example3-solution.yaml │ ├── 04_stuck-in-pending.yaml │ ├── example2.yaml │ ├── 01_broken_pod.yaml │ ├── 05_a_secret_made_is_a_secret_kept.yaml │ ├── 07_claim_your_stake.yaml │ ├── 06_can_only_give_you_what_i_have.yaml │ ├── 03_labels_and_services_oh_my.yaml │ └── example8.yaml ├── authz and authn │ ├── Policy_JSON_Example3 │ ├── Policy_JSON_Example2 │ ├── Policy_JSON_Example1 │ ├── Policy_JSON_Example5_service_account │ ├── Webhook_Response_Denial.json │ ├── RBAC_Role_Example.yaml │ ├── Webhook_Response.json │ ├── RBAC_RoleBinding_Example3.yaml │ ├── RBAC_RoleBinding_Example2.yaml │ ├── RBAC_Cluster_Role_Example.yaml │ ├── RBAC_RoleBinding_Example.yaml │ ├── Webhook_Non-Resource_Request.json │ ├── Webhook_Request_Body.json │ ├── Webhook_Config_File_Exampla.yaml │ ├── Custom_Module_Example │ └── Policy_JSON_Example4 ├── M02 │ ├── build_distributions │ ├── kubelet.monit │ ├── kubelet.upstart │ └── kubelet.service └── M05 │ └── kubectl_examples ├── k04_extending_kubernetes └── README.md ├── k01_kubernetes_fundamentals ├── README.md ├── secret-example.yaml ├── service-example.yaml ├── pod-basic.yaml ├── pod-nodeselector.yaml ├── pod-envvar.yaml ├── pod-multicontainer.yaml ├── pod-readiness.yaml ├── pod-resourcelimit.yaml ├── pod-emptydir.yaml ├── replica-set-example.yaml ├── replicationcontroller-example.yaml ├── pod-hostpath.yaml ├── deployment-basic.yaml ├── 
pod-liveness.yaml ├── job-example-pi.yaml ├── pod-secret.yaml ├── cronjob-example.yaml ├── pod-downwardapi-volume.yaml ├── k8s-command-cheatsheet.md └── kubernetes-dashboard.yaml ├── k05_managing_kubernetes_clusters └── README.md ├── c01_introduction_to_containers └── README.md ├── w01_introduction_to_deis_workflow └── README.md ├── w02_deis_workflow_for_developers └── README.md ├── k03_cluster_planning_and_implementation └── README.md └── w03_deis_workflow_for_devops_and_operators └── README.md /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lachie83/trex/HEAD/.DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # trex 2 | Training material examples, code snippets, manifests, etc. 3 | -------------------------------------------------------------------------------- /h02_advanced_helm/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course h02 - Advanced Helm 3 | -------------------------------------------------------------------------------- /h01_introduction_to_helm/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course h01 Introduction to Helm 3 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course k02 - Advanced Kubernetes 3 | -------------------------------------------------------------------------------- /k04_extending_kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course k04 - 
Extending Kubernetes 3 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course k01 - Kubernetes Fundamentals 3 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/limits-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: limits -------------------------------------------------------------------------------- /k05_managing_kubernetes_clusters/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course k05 - Extending Kubernetes 3 | -------------------------------------------------------------------------------- /c01_introduction_to_containers/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course c01 - Introduction to Containers 3 | 4 | -------------------------------------------------------------------------------- /w01_introduction_to_deis_workflow/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course w01 - Introduction to Deis Workflow 3 | -------------------------------------------------------------------------------- /w02_deis_workflow_for_developers/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course w02 - Deis Workflow for Developers 3 | -------------------------------------------------------------------------------- /k03_cluster_planning_and_implementation/README.md: 
-------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course k03 - Cluster Planning and Implementation 3 | -------------------------------------------------------------------------------- /w03_deis_workflow_for_devops_and_operators/README.md: -------------------------------------------------------------------------------- 1 | # Deis Professional Services Training 2 | Course w03 Deis Workflow for DevOps and Operators 3 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example4-solution.txt: -------------------------------------------------------------------------------- 1 | # assuming a minikube-based cluster 2 | kubectl label nodes minikube disktype=ssd 3 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/solutions/example4-solution.txt: -------------------------------------------------------------------------------- 1 | # assuming a minikube-based cluster 2 | kubectl label nodes minikube disktype=ssd 3 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/secret-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: secret-example 5 | type: Opaque 6 | data: # values are base64-encoded only, not encrypted: anyone who can read this manifest can decode them, so these stay sample credentials 7 | username: YWRtaW4= 8 | password: MWYyZDFlMmU2N2Rm 9 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/pdb-eviction.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "policy/v1beta1", 3 | "kind": "Eviction", 4 | "metadata": { 5 | "name": "croc-hunter-838257170-9c7x2", 6 | "namespace": "default" 7 | } 8 | } -------------------------------------------------------------------------------- 
/k02_advanced_kubernetes/M04/4.4/pdb-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: croc-hunter-pdb 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: croc-hunter 9 | minAvailable: 3 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/pod-disruption-budget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: disruptme 5 | spec: 6 | selector: 7 | matchLabels: 8 | name: myapp5pods 9 | minAvailable: 80% 10 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example4.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx 9 | restartPolicy: Never 10 | nodeSelector: 11 | disktype: ssd 12 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Policy_JSON_Example3: -------------------------------------------------------------------------------- 1 | # Kubelet can read and write events 2 | 3 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "kubelet", "namespace": "*", "resource": "events"}} 4 | 5 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Policy_JSON_Example2: -------------------------------------------------------------------------------- 1 | # Kubelet can read any pod 2 | 3 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "kubelet", "namespace": "*", "resource": "pods", "readonly": true}} 4 | 5 | 
-------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Policy_JSON_Example1: -------------------------------------------------------------------------------- 1 | # User Alice has full access to all resources 2 | 3 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "alice", "namespace": "*", "resource": "*", "apiGroup": "*"}} 4 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/service-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: croc-hunter-service 5 | labels: 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 8080 10 | selector: 11 | app: croc-hunter 12 | type: NodePort 13 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/network-example-namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | annotations: 5 | net.beta.kubernetes.io/network-policy: | 6 | { 7 | "ingress": { 8 | "isolation": "DefaultDeny" 9 | } 10 | } -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/04_stuck-in-pending.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx 9 | restartPolicy: Never 10 | nodeSelector: 11 | disktype: ssd 12 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M02/build_distributions: -------------------------------------------------------------------------------- 1 | acs-engine - https://github.com/Azure/acs-engine 2 | Kops - 
https://github.com/kubernetes/kops 3 | Kubeadm - https://kubernetes.io/docs/getting-started-guides/kubeadm/ 4 | Kube-aws - https://coreos.com/kubernetes/docs/latest/kubernetes-on-aws.html 5 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/service-canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: gb-frontend 5 | labels: 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 8080 10 | selector: 11 | app: guestbook 12 | tier: frontend 13 | type: ClusterIP -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example2.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: lekube 5 | labels: 6 | name: lekube 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: jsingerdumars/lekube:latest 11 | ports: 12 | - containerPort: 80 13 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example1.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: nginx 5 | labels: 6 | name: nginx 7 | tier: frontend 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx:1.3.2 12 | ports: 13 | - containerPort: 80 14 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-basic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 
-------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/single-container-pod-example.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: nginx 5 | labels: 6 | name: nginx 7 | tier: frontend 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx 12 | ports: 13 | - containerPort: 80 14 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/example2.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: lekube 5 | labels: 6 | name: lekube 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: jsingerdumars/lekube:latest 11 | ports: 12 | - containerPort: 80 13 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/01_broken_pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx 5 | labels: 6 | name: nginx 7 | tier: frontend 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx:1.3.2 12 | ports: 13 | - containerPort: 80 14 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Policy_JSON_Example5_service_account: -------------------------------------------------------------------------------- 1 | # Grant default service account in kube-system full API privileges. Pods in kube-system that do not name a service account run as this default account, so the policy below gives each of them unrestricted API access. 2 | 3 | {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:serviceaccount:kube-system:default","namespace":"*","resource":"*","apiGroup":"*"}} 4 | 5 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-nodeselector.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | nodeSelector: 14 | disktype: ssd -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/hpa-command-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # Create deployment to apply hpa 2 | ```shell 3 | kubectl create -f hpa-deployment-example.yaml 4 | ``` 5 | 6 | # Create HPA 7 | ```shell 8 | kubectl autoscale deployment croc-hunter --min=3 --max=5 --cpu-percent=20 9 | ``` 10 | 11 | # Check HPA status 12 | ```shell 13 | kubectl get hpa 14 | ``` -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/limits-invalid-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: invalid-pod 5 | namespace: limits 6 | spec: 7 | containers: 8 | - name: kubernetes-serve-hostname 9 | image: gcr.io/google_containers/serve_hostname 10 | resources: 11 | limits: 12 | cpu: "2" 13 | memory: 100Mi -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Webhook_Response_Denial.json: -------------------------------------------------------------------------------- 1 | # To disallow access, the remote service would return: 2 | 3 | { 4 | "apiVersion": "authorization.k8s.io/v1beta1", 5 | "kind": "SubjectAccessReview", 6 | "status": { 7 | "allowed": false, 8 | "reason": "user does not have read access to the namespace" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M02/kubelet.monit: 
-------------------------------------------------------------------------------- 1 | check process kubelet with pidfile /var/run/kubelet.pid 2 | group kubelet 3 | start program = "/etc/init.d/kubelet start" 4 | stop program = "/etc/init.d/kubelet stop" 5 | if does not exist then restart 6 | if failed 7 | host 127.0.0.1 8 | port 10255 # kubelet read-only port: plain HTTP with no authentication; NOTE(review): fine for a loopback health check, keep it unreachable from outside the node 9 | protocol HTTP 10 | request "/healthz" 11 | then restart 12 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/volume-emptydir-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: test-pd 5 | spec: 6 | containers: 7 | - image: gcr.io/google_containers/test-webserver 8 | name: test-container 9 | volumeMounts: 10 | - mountPath: /cache 11 | name: cache-volume 12 | volumes: 13 | - name: cache-volume 14 | emptyDir: {} -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-envvar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | env: 14 | - name: WORKFLOW_RELEASE 15 | value: blah 16 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/limits-valid-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: valid-pod 5 | namespace: limits 6 | labels: 7 | name: valid-pod 8 | spec: 9 | containers: 10 | - name: kubernetes-serve-hostname 11 | image: gcr.io/google_containers/serve_hostname 12 | resources: 13 | limits: 14 | cpu: "1" 15 | memory: 512Mi 
-------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/storageclass-azure-example.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1beta1 3 | metadata: 4 | name: default 5 | annotations: 6 | storageclass.beta.kubernetes.io/is-default-class: "true" 7 | labels: 8 | kubernetes.io/cluster-service: "true" 9 | addonmanager.kubernetes.io/mode: EnsureExists 10 | provisioner: kubernetes.io/azure-disk 11 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-multicontainer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-django 5 | labels: 6 | app: web 7 | spec: 8 | containers: 9 | - name: redis 10 | image: redis 11 | ports: 12 | - containerPort: 6379 13 | - name: croc-hunter 14 | image: quay.io/lachie83/croc-hunter:v1 15 | ports: 16 | - containerPort: 8080 -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-readiness.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | readinessProbe: 14 | httpGet: 15 | path: / 16 | port: 8080 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/multi-container-pod-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-django 5 | labels: 6 | app: web 7 | spec: 8 | containers: 9 | - name: key-value-store 10 | image: redis 11 | ports: 12 | - 
containerPort: 6379 13 | - name: frontend 14 | image: django 15 | ports: 16 | - containerPort: 8000 17 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-resourcelimit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | resources: 14 | requests: 15 | cpu: 10m 16 | memory: 128Mi -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-simple-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: croc-hunter 5 | annotations: 6 | kubernetes.io/ingress.class: nginx 7 | spec: 8 | rules: 9 | - host: croc-hunter.ingress.k8s.estrado.io 10 | http: 11 | paths: 12 | - path: / 13 | backend: 14 | serviceName: croc-hunter-s1 15 | servicePort: 80 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/RBAC_Role_Example.yaml: -------------------------------------------------------------------------------- 1 | # an example of a role which grants read access to pods within the “default” namespace 2 | kind: Role 3 | apiVersion: rbac.authorization.k8s.io/v1alpha1 4 | metadata: 5 | namespace: default 6 | name: pod-reader 7 | rules: 8 | - apiGroups: [""] # The API group "" indicates the core API Group. 
9 | resources: ["pods"] 10 | verbs: ["get", "watch", "list"] 11 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M02/kubelet.upstart: -------------------------------------------------------------------------------- 1 | description "kubernetes kubelet" 2 | 3 | start on runlevel [2345] 4 | stop on runlevel [!2345] 5 | 6 | limit nofile 20000 20000 7 | 8 | kill timeout 60 # wait 60s between SIGTERM and SIGKILL. 9 | 10 | exec /usr/local/bin/kubelet \ 11 | -address=%(kubelet_bind_addr)s \ 12 | -etcd_servers=%(etcd_servers)s \ 13 | -hostname_override=%(kubelet_bind_addr)s \ 14 | -logtostderr=true 15 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/replication-controller-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ReplicationController 3 | metadata: 4 | name: nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | app: nginx 9 | template: 10 | metadata: 11 | name: nginx 12 | labels: 13 | app: nginx 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx 18 | ports: 19 | - containerPort: 80 20 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-emptydir.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | volumeMounts: 14 | - mountPath: /cache 15 | name: cache-volume 16 | volumes: 17 | - name: cache-volume 18 | emptyDir: {} -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Webhook_Response.json: 
-------------------------------------------------------------------------------- 1 | # The remote service is expected to fill the SubjectAccessReviewStatus field of the request and respond to either allow or disallow access. The response body’s “spec” field is ignored and may be omitted. A permissive response would return: 2 | 3 | { 4 | "apiVersion": "authorization.k8s.io/v1beta1", 5 | "kind": "SubjectAccessReview", 6 | "status": { 7 | "allowed": true 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/replica-set-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: ReplicaSet 3 | metadata: 4 | name: nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: nginx 10 | template: 11 | metadata: 12 | name: nginx 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/replica-set-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: ReplicaSet 3 | metadata: 4 | name: nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: nginx 10 | template: 11 | metadata: 12 | name: nginx 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.5/network-policy-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: test-network-policy 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | role: db 9 | ingress: 10 | - 
from: 11 | - namespaceSelector: 12 | matchLabels: 13 | project: myproject 14 | - podSelector: 15 | matchLabels: 16 | role: frontend 17 | ports: 18 | - protocol: tcp 19 | port: 6379 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M02/kubelet.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Kubernetes Kubelet 3 | Documentation=https://github.com/kubernetes/kubernetes 4 | # NOTE(review): ExecStart below reaches the API server over plain HTTP on 127.0.0.1:8080 (presumably its insecure port, which has no TLS or authentication) and sets --allow-privileged=true, so pods on this node may run privileged containers; treat this unit as a training-only setup. 5 | [Service] 6 | ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests 7 | ExecStart=/usr/bin/kubelet \ 8 | --api-servers=http://127.0.0.1:8080 \ 9 | --allow-privileged=true \ 10 | --config=/etc/kubernetes/manifests \ 11 | --v=2 12 | Restart=on-failure 13 | RestartSec=5 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/replicationcontroller-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ReplicationController 3 | metadata: 4 | name: croc-hunter 5 | spec: 6 | replicas: 3 7 | selector: 8 | app: croc-hunter 9 | template: 10 | metadata: 11 | name: croc-hunter 12 | labels: 13 | app: croc-hunter 14 | spec: 15 | containers: 16 | - name: croc-hunter 17 | image: quay.io/lachie83/croc-hunter:v1 18 | ports: 19 | - containerPort: 8080 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/RBAC_RoleBinding_Example3.yaml: -------------------------------------------------------------------------------- 1 | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. 
2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1alpha1 4 | metadata: 5 | name: read-secrets-global 6 | subjects: 7 | - kind: Group # May be "User", "Group" or "ServiceAccount" 8 | name: manager 9 | roleRef: 10 | kind: ClusterRole 11 | name: secret-reader 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/pdb-command-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # Create pdb 2 | ```shell 3 | kubectl create -f pdb-example.yaml 4 | ``` 5 | 6 | # View pdb 7 | ```shell 8 | kubectl get poddisruptionbudget 9 | ``` 10 | 11 | # Start kubectl proxy to kube-api 12 | ```shell 13 | kubectl proxy -p 8080 & 14 | ``` 15 | 16 | # Attempt eviction 17 | ```shell 18 | curl -v -H 'Content-type: application/json' http://127.0.0.1:8080/api/v1/namespaces/default/pods/croc-hunter-838257170-9c7x2/eviction -d @pdb-eviction.json 19 | ``` -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: croc-hunter 5 | labels: 6 | app: croc-hunter 7 | spec: 8 | containers: 9 | - name: croc-hunter 10 | image: quay.io/lachie83/croc-hunter:v1 11 | ports: 12 | - containerPort: 8080 13 | volumeMounts: 14 | - mountPath: /test-pd 15 | name: test-volume 16 | volumes: 17 | - name: test-volume 18 | hostPath: 19 | # directory location on host; a hostPath volume exposes this node directory to the container, so point it only at a dedicated path that holds nothing sensitive 20 | path: /data -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/configmap-nginx-example.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 default_server; 3 | listen [::]:80 default_server ipv6only=on; 4 | 5 | listen 443 ssl; 6 | 7 | root 
/usr/share/nginx/html; 8 | index index.html; 9 | 10 | server_name localhost; 11 | ssl_certificate /etc/nginx/ssl/nginx.crt; 12 | ssl_certificate_key /etc/nginx/ssl/nginx.key; 13 | 14 | location / { 15 | try_files $uri $uri/ =404; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/pvc-gce-pd-example.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: slow 5 | provisioner: kubernetes.io/gce-pd 6 | parameters: 7 | type: pd-standard 8 | zone: us-central1-a 9 | --- 10 | kind: PersistentVolumeClaim 11 | apiVersion: v1 12 | metadata: 13 | name: data 14 | annotations: 15 | volume.beta.kubernetes.io/storage-class: "slow" 16 | spec: 17 | accessModes: 18 | - ReadWriteOnce 19 | resources: 20 | requests: 21 | storage: 8Gi 22 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/deployment-basic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: croc-hunter 5 | spec: 6 | replicas: 3 7 | strategy: 8 | type: RollingUpdate 9 | selector: 10 | matchLabels: 11 | app: croc-hunter 12 | template: 13 | metadata: 14 | labels: 15 | app: croc-hunter 16 | spec: 17 | containers: 18 | - name: croc-hunter 19 | image: quay.io/lachie83/croc-hunter:v1 20 | ports: 21 | - containerPort: 8080 22 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-multipath-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: croc-hunter 5 | annotations: 6 | kubernetes.io/ingress.class: nginx 7 | spec: 8 | rules: 9 | - host: croc-hunter.ingress.k8s.estrado.io 10 | 
http: 11 | paths: 12 | - path: /v1 13 | backend: 14 | serviceName: croc-hunter-s1 15 | servicePort: 80 16 | - path: /v2 17 | backend: 18 | serviceName: croc-hunter-s2 19 | servicePort: 80 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/pvc-aws-ebs-example.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1beta1 3 | metadata: 4 | name: slow 5 | provisioner: kubernetes.io/aws-ebs 6 | parameters: 7 | type: io1 8 | zone: us-east-1d 9 | iopsPerGB: "10" 10 | --- 11 | kind: PersistentVolumeClaim 12 | apiVersion: v1 13 | metadata: 14 | name: data 15 | annotations: 16 | volume.beta.kubernetes.io/storage-class: "slow" 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 8Gi -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/volume-aws-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: test-ebs 5 | spec: 6 | containers: 7 | - image: gcr.io/google_containers/test-webserver 8 | name: test-container 9 | volumeMounts: 10 | - mountPath: /test-ebs 11 | name: test-volume 12 | volumes: 13 | - name: test-volume 14 | # This AWS EBS volume must already exist. 
15 | awsElasticBlockStore: 16 | # must be the EBS volume ID, created in advance 17 | volumeID: 18 | fsType: ext4 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/volume-gce-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: test-pd 5 | spec: 6 | containers: 7 | - image: gcr.io/google_containers/test-webserver 8 | name: test-container 9 | volumeMounts: 10 | - mountPath: /test-pd 11 | name: test-volume 12 | volumes: 13 | - name: test-volume 14 | # This GCE PD must already exist. 15 | gcePersistentDisk: 16 | # must be the name of the persistent disk, created in advance 17 | pdName: my-data-disk 18 | fsType: ext4 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/hpa-deployment-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: croc-hunter 5 | spec: 6 | replicas: 3 7 | strategy: 8 | type: RollingUpdate 9 | selector: 10 | matchLabels: 11 | app: croc-hunter 12 | template: 13 | metadata: 14 | labels: 15 | app: croc-hunter 16 | spec: 17 | containers: 18 | - name: croc-hunter 19 | image: quay.io/lachie83/croc-hunter:v1 20 | ports: 21 | - containerPort: 8080 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/deployment-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | spec: 6 | replicas: 3 7 | # progressDeadlineSeconds: 10 8 | strategy: 9 | # maxUnavailable: 0 10 | # maxSurge: 3 11 | # type: Recreate 12 | type: RollingUpdate 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: 
nginx 20 | image: nginx:1.7.9 21 | ports: 22 | - containerPort: 80 23 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/RBAC_RoleBinding_Example2.yaml: -------------------------------------------------------------------------------- 1 | # This role binding allows "dave" to read secrets in the namespace "development" 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1alpha1 4 | metadata: 5 | name: read-secrets 6 | namespace: development # This binding only applies in the "development" namespace 7 | subjects: 8 | - kind: User # May be "User", "Group" or "ServiceAccount" 9 | name: dave 10 | roleRef: 11 | kind: ClusterRole 12 | name: secret-reader 13 | apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-s1-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: croc-hunter-s1 5 | labels: 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 8080 10 | selector: 11 | app: croc-hunter-s1 12 | type: ClusterIP 13 | --- 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: croc-hunter-s1 18 | labels: 19 | app: croc-hunter-s1 20 | spec: 21 | containers: 22 | - name: croc-hunter 23 | image: quay.io/lachie83/croc-hunter:v1 24 | ports: 25 | - containerPort: 8080 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-s2-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: croc-hunter-s2 5 | labels: 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 8080 10 | selector: 11 | app: croc-hunter-s2 12 | type: ClusterIP 13 | --- 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: croc-hunter-s2 18 | labels: 19 
| app: croc-hunter-s2 20 | spec: 21 | containers: 22 | - name: croc-hunter 23 | image: quay.io/lachie83/croc-hunter:v2 24 | ports: 25 | - containerPort: 8080 -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-liveness.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | 4 | metadata: 5 | labels: 6 | test: liveness 7 | name: liveness-exec 8 | spec: 9 | containers: 10 | 11 | - name: liveness 12 | 13 | args: 14 | - /bin/sh 15 | - -c 16 | - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600 17 | 18 | image: gcr.io/google_containers/busybox 19 | 20 | livenessProbe: 21 | exec: 22 | command: 23 | - cat 24 | - /tmp/healthy 25 | initialDelaySeconds: 5 26 | periodSeconds: 5 27 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/limits-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: limits-example 5 | namespace: limits 6 | spec: 7 | limits: 8 | - max: 9 | cpu: "1" 10 | memory: 1Gi 11 | min: 12 | cpu: 200m 13 | memory: 6Mi 14 | type: Pod 15 | - default: 16 | cpu: 300m 17 | memory: 200Mi 18 | defaultRequest: 19 | cpu: 200m 20 | memory: 100Mi 21 | max: 22 | cpu: "1" 23 | memory: 1Gi 24 | min: 25 | cpu: 100m 26 | memory: 3Mi 27 | type: Container -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/external-service-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: external-service 5 | spec: 6 | ports: 7 | - 8 | name: "mysql" 9 | protocol: "TCP" 10 | port: 3306 11 | targetPort: 3306 12 | nodePort: 0 13 | # selector must be blank for external services 14 | selector: {} 15 | 16 | --- 17 | kind: "Endpoints" 
18 | apiVersion: "v1" 19 | metadata: 20 | name: "external-service" 21 | subsets: 22 | - addresses: 23 | - ip: "10.10.1.1" 24 | ports: 25 | - name: "mysql" 26 | port: 3306 27 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/pvc-azure-pd-example.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: east 5 | provisioner: kubernetes.io/azure-disk 6 | parameters: 7 | skuName: Standard_LRS 8 | location: eastus 9 | storageAccount: azure_storage_account_name 10 | --- 11 | kind: PersistentVolumeClaim 12 | apiVersion: v1 13 | metadata: 14 | name: data 15 | annotations: 16 | volume.beta.kubernetes.io/storage-class: "east" 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 8Gi 23 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-multihost-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: croc-hunter-multihost 5 | annotations: 6 | kubernetes.io/ingress.class: nginx 7 | spec: 8 | rules: 9 | - host: croc-hunter-v1.ingress.k8s.estrado.io 10 | http: 11 | paths: 12 | - backend: 13 | serviceName: croc-hunter-s1 14 | servicePort: 80 15 | - host: croc-hunter-v2.ingress.k8s.estrado.io 16 | http: 17 | paths: 18 | - backend: 19 | serviceName: croc-hunter-s2 20 | servicePort: 80 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/volume-secret-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: mysecret 5 | type: Opaque 6 | data: 7 | username: cnViYmVyCg== 8 | password: ZHVja3kK 9 | --- 10 | apiVersion: v1 11 | 
kind: Pod 12 | metadata: 13 | name: mysecret-fs-pod 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx 18 | volumeMounts: 19 | - name: "secrets" 20 | mountPath: "/etc/mysecrets" 21 | readOnly: true 22 | volumes: 23 | - name: "secrets" 24 | secret: 25 | secretName: "mysecret" 26 | restartPolicy: Never -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/job-example-pi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: pi 5 | spec: 6 | template: 7 | metadata: 8 | name: pi 9 | spec: 10 | containers: 11 | - name: pi 12 | image: perl 13 | command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"] 14 | # Only a RestartPolicy equal to Never or OnFailure is allowed 15 | restartPolicy: Never 16 | 17 | # To get the output: 18 | # pods=$(kubectl get pods --show-all --selector=job-name=pi --output=jsonpath={.items..metadata.name}) 19 | # echo $pods 20 | # kubectl logs $pods 21 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-tls-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx 6 | name: croc-hunter-tls 7 | spec: 8 | rules: 9 | - host: croc-hunter-tls.ingress.k8s.estrado.io 10 | http: 11 | paths: 12 | - backend: 13 | serviceName: croc-hunter-s1 14 | servicePort: 80 15 | path: / 16 | tls: 17 | - hosts: 18 | - croc-hunter-tls.ingress.k8s.estrado.io 19 | secretName: croc-hunter-tls 20 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/job-example-pi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: pi 5 | spec: 
6 | template: 7 | metadata: 8 | name: pi 9 | spec: 10 | containers: 11 | - name: pi 12 | image: perl 13 | command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"] 14 | # Only a RestartPolicy equal to Never or OnFailure is allowed 15 | restartPolicy: Never 16 | 17 | # To get the output: 18 | # pods=$(kubectl get pods --show-all --selector=job-name=pi --output=jsonpath={.items..metadata.name}) 19 | # echo $pods 20 | # kubectl logs $pods 21 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/frontend-service-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: frontend-service 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 8080 9 | selector: 10 | app: webapp 11 | role: frontend 12 | type: NodePort 13 | --- 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: example-go 18 | labels: 19 | app: webapp 20 | role: frontend 21 | spec: 22 | containers: 23 | - name: example-go 24 | image: deis/example-go 25 | ports: 26 | - containerPort: 8080 27 | env: 28 | - name: PORT 29 | value: "8080" 30 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/services-commands-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # Create simple backend service and pod 2 | ```shell 3 | kubectl create -f frontend-service-example.yaml 4 | kubectl get pods,svc -o wide 5 | kubectl describe svc/frontend-service 6 | ``` 7 | 8 | ``` 9 | curl : 10 | Powered by Deis 11 | ``` 12 | 13 | # tail pod log file 14 | ```shell 15 | kubectl logs po/ -f 16 | ``` 17 | 18 | # Create external service and endpoint 19 | # Not sure if this is possible w/minikube 20 | ```shell 21 | kubectl create -f external-service-example.yaml 22 | kubectl get svc 23 | kubectl describe svc 24 | ``` 25 | 
-------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/RBAC_Cluster_Role_Example.yaml: -------------------------------------------------------------------------------- 1 | # Cluster Roles example 2 | # ClusterRoles hold the same information as a Role but can apply to any namespace as well as non-namespaced resources (such as Nodes, PersistentVolume, etc.). The following ClusterRole can grant permissions to read secrets in any namespace. 3 | 4 | kind: ClusterRole 5 | apiVersion: rbac.authorization.k8s.io/v1alpha1 6 | metadata: 7 | # "namespace" omitted since ClusterRoles are not namespaced. 8 | name: secret-reader 9 | rules: 10 | - apiGroups: [""] 11 | resources: ["secrets"] 12 | verbs: ["get", "watch", "list"] # NOTE(review): "list" and "watch" responses carry the full secret objects, so they disclose secret values just as "get" does 13 | nonResourceURLs: [] 14 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: zebra 5 | type: Opaque 6 | data: # NOTE(review): values are base64-encoded, not encrypted; both values below decode with a trailing newline, which becomes part of what the pod reads 7 | portz: ODA4MAo= 8 | powered-by: RGVpcyBhbmQuLi55b3UhCg== 9 | --- 10 | apiVersion: v1 11 | kind: Pod 12 | metadata: 13 | name: croc-hunter 14 | labels: 15 | app: croc-hunter 16 | spec: 17 | containers: 18 | - name: croc-hunter 19 | image: quay.io/lachie83/croc-hunter:v1 20 | ports: 21 | - containerPort: 8080 22 | volumeMounts: 23 | - name: secret-volume 24 | mountPath: "/etc/secret" 25 | readOnly: true 26 | volumes: 27 | - name: secret-volume 28 | secret: 29 | secretName: zebra 30 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/RBAC_RoleBinding_Example.yaml: -------------------------------------------------------------------------------- 1 | # RoleBindings perform the task of granting the permission to a user or set of users. 
They hold a list of subjects which they apply to, and a reference to the Role being assigned. 2 | 3 | # The following RoleBinding assigns the “pod-reader” role to the user “jane” within the “default” namespace, and allows jane to read pods. 4 | 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1alpha1 7 | metadata: 8 | name: read-pods 9 | namespace: default 10 | subjects: 11 | - kind: User # May be "User", "Group" or "ServiceAccount" 12 | name: jane 13 | roleRef: 14 | kind: Role 15 | name: pod-reader 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example5.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: mysecret 5 | type: Opaque 6 | data: 7 | portz: ODA4MAo= 8 | powered-by: RGVpcyBhbmQuLi55b3UhCg== 9 | --- 10 | apiVersion: v1 11 | kind: Pod 12 | metadata: 13 | name: example-go-secrets 14 | labels: 15 | app: webapp 16 | role: frontend 17 | spec: 18 | containers: 19 | - name: example-go 20 | image: deis/example-go 21 | env: 22 | - name: POWERED_BY 23 | valueFrom: 24 | secretKeyRef: 25 | name: example-go-secret 26 | key: powered-by 27 | - name: PORT 28 | valueFrom: 29 | secretKeyRef: 30 | name: example-go-secret 31 | key: port 32 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.4/limits-command-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # Create limits namespace 2 | ```shell 3 | kubectl create -f limits-namespace.yaml 4 | ``` 5 | 6 | # Apply limits to limits namespace 7 | ```shell 8 | kubectl create -f limits-example.yaml 9 | ``` 10 | 11 | # Inspect limits 12 | ```shell 13 | kubectl describe limits -n limits 14 | ``` 15 | 16 | # Run pod without resources defined verify defaults applied 17 | ```shell 18 | kubectl run nginx 
--image=nginx --replicas=1 --namespace=limits 19 | kubectl get po/nginx-701339712-9gpzj -n limits -o yaml | grep resources -C 8 20 | ``` 21 | 22 | # Run invalid pod 23 | ```shell 24 | kubectl create -f limits-invalid-pod.yaml 25 | ``` 26 | 27 | # Run valid pod 28 | ```shell 29 | kubectl create -f limits-valid-pod.yaml 30 | ``` -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/05_a_secret_made_is_a_secret_kept.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: mysecret 5 | type: Opaque 6 | data: 7 | portz: ODA4MAo= 8 | powered-by: RGVpcyBhbmQuLi55b3UhCg== 9 | --- 10 | apiVersion: v1 11 | kind: Pod 12 | metadata: 13 | name: example-go-secrets 14 | labels: 15 | app: webapp 16 | role: frontend 17 | spec: 18 | containers: 19 | - name: example-go 20 | image: deis/example-go 21 | env: 22 | - name: POWERED_BY 23 | valueFrom: 24 | secretKeyRef: 25 | name: example-go-secret 26 | key: powered-by 27 | - name: PORT 28 | valueFrom: 29 | secretKeyRef: 30 | name: example-go-secret 31 | key: port 32 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example5-solution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # fixed secret name: the exercise file named the Secret "mysecret", which the pod's secretKeyRef entries do not reference 5 | name: example-go-secret 6 | type: Opaque 7 | data: 8 | # fixed secret key name: the exercise file used "portz", while the pod reads key "port"; the value is unchanged and still decodes with a trailing newline 9 | port: ODA4MAo= 10 | powered-by: RGVpcyBhbmQuLi55b3UhCg== 11 | --- 12 | apiVersion: v1 13 | kind: Pod 14 | metadata: 15 | name: example-go-secrets 16 | labels: 17 | app: webapp 18 | role: frontend 19 | spec: 20 | containers: 21 | - name: example-go 22 | image: deis/example-go 23 | env: 24 | - name: POWERED_BY 25 | valueFrom: 26 | secretKeyRef: 27 | name: example-go-secret 28 | key: powered-by 29 | - name: PORT 30 | 
valueFrom: 31 | secretKeyRef: 32 | name: example-go-secret 33 | key: port 34 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/deployment-canary-stable.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | labels: 6 | app: guestbook 7 | tier: frontend 8 | track: stable 9 | spec: 10 | replicas: 3 11 | selector: 12 | matchLabels: 13 | app: guestbook 14 | tier: frontend 15 | track: stable 16 | template: 17 | metadata: 18 | labels: 19 | app: guestbook 20 | tier: frontend 21 | track: stable 22 | spec: 23 | containers: 24 | - name: php-redis 25 | image: gcr.io/google-samples/gb-frontend:v3 26 | resources: 27 | requests: 28 | cpu: 100m 29 | memory: 100Mi 30 | env: 31 | - name: GET_HOSTS_FROM 32 | value: dns 33 | ports: 34 | - containerPort: 80 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/deployment-canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: frontend-canary 5 | labels: 6 | app: guestbook 7 | tier: frontend 8 | track: canary 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: guestbook 14 | tier: frontend 15 | track: canary 16 | template: 17 | metadata: 18 | labels: 19 | app: guestbook 20 | tier: frontend 21 | track: canary 22 | spec: 23 | containers: 24 | - name: php-redis 25 | image: gcr.io/google-samples/gb-frontend:v4 26 | resources: 27 | requests: 28 | cpu: 100m 29 | memory: 100Mi 30 | env: 31 | - name: GET_HOSTS_FROM 32 | value: dns 33 | ports: 34 | - containerPort: 80 -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/solutions/example5-solution.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | # fixed secret name: the exercise file named the Secret "mysecret", which the pod's secretKeyRef entries do not reference 5 | name: example-go-secret 6 | type: Opaque 7 | data: 8 | # fixed secret key name: the exercise file used "portz", while the pod reads key "port"; the value is unchanged and still decodes with a trailing newline 9 | port: ODA4MAo= 10 | powered-by: RGVpcyBhbmQuLi55b3UhCg== 11 | --- 12 | apiVersion: v1 13 | kind: Pod 14 | metadata: 15 | name: example-go-secrets 16 | labels: 17 | app: webapp 18 | role: frontend 19 | spec: 20 | containers: 21 | - name: example-go 22 | image: deis/example-go 23 | env: 24 | - name: POWERED_BY 25 | valueFrom: 26 | secretKeyRef: 27 | name: example-go-secret 28 | key: powered-by 29 | - name: PORT 30 | valueFrom: 31 | secretKeyRef: 32 | name: example-go-secret 33 | key: port 34 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Webhook_Non-Resource_Request.json: -------------------------------------------------------------------------------- 1 | # Non-resource paths include: /api, /apis, /metrics, /resetMetrics, /logs, /debug, /healthz, /swagger-ui/, /swaggerapi/, /ui, and /version. Clients require access to /api, /api/*, /apis, /apis/*, and /version to discover what resources and versions are present on the server. Access to other non-resource paths can be disallowed without restricting access to the REST API. 2 | 3 | # For further documentation refer to the authorization.v1beta1 API objects and plugin/pkg/auth/authorizer/webhook/webhook.go. 
4 | 5 | 6 | { 7 | "apiVersion": "authorization.k8s.io/v1beta1", 8 | "kind": "SubjectAccessReview", 9 | "spec": { 10 | "nonResourceAttributes": { 11 | "path": "/debug", 12 | "verb": "GET" 13 | }, 14 | "user": "jane", 15 | "group": [ 16 | "group1", 17 | "group2" 18 | ] 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example6.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 15Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 | name: nginx-volumes 28 | labels: 29 | app: webapp 30 | role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | claimName: myclaim 45 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example7.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 10Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 | name: nginx-volumes 28 | labels: 29 | app: webapp 30 | 
role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | claimName: i-need-a-claim 45 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/cronjob-example.yaml: -------------------------------------------------------------------------------- 1 | # * * * * * * 2 | # | | | | | | 3 | # | | | | | +-- Year (range: 1900-3000) 4 | # | | | | +---- Day of the Week (range: 1-7, 1 standing for Monday) 5 | # | | | +------ Month of the Year (range: 1-12) 6 | # | | +-------- Day of the Month (range: 1-31) 7 | # | +---------- Hour (range: 0-23) 8 | # +------------ Minute (range: 0-59) 9 | 10 | apiVersion: batch/v2alpha1 11 | kind: CronJob 12 | metadata: 13 | name: hello 14 | spec: 15 | # Uses standard crontab format 16 | schedule: "*/1 * * * *" 17 | jobTemplate: 18 | spec: 19 | template: 20 | spec: 21 | containers: 22 | - name: hello 23 | image: busybox 24 | args: 25 | - /bin/sh 26 | - -c 27 | - date; echo Hello from the Kubernetes cluster 28 | restartPolicy: OnFailure 29 | 30 | # kubectl get cronjob hello 31 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/cronjob-example.yaml: -------------------------------------------------------------------------------- 1 | # * * * * * * 2 | # | | | | | | 3 | # | | | | | +-- Year (range: 1900-3000) 4 | # | | | | +---- Day of the Week (range: 1-7, 1 standing for Monday) 5 | # | | | +------ Month of the Year (range: 1-12) 6 | # | | +-------- Day of the Month (range: 1-31) 7 | # | +---------- Hour (range: 0-23) 8 | # +------------ Minute (range: 0-59) 9 | 10 | apiVersion: batch/v2alpha1 11 | kind: CronJob 12 | metadata: 13 | name: hello 14 | spec: 15 | # Uses standard crontab format 16 | schedule: "*/1 * * * *" 17 | 
jobTemplate: 18 | spec: 19 | template: 20 | spec: 21 | containers: 22 | - name: hello 23 | image: busybox 24 | args: 25 | - /bin/sh 26 | - -c 27 | - date; echo Hello from the Kubernetes cluster 28 | restartPolicy: OnFailure 29 | 30 | # kubectl get cronjob hello 31 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/07_claim_your_stake.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 10Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 | name: nginx-volumes 28 | labels: 29 | app: webapp 30 | role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | claimName: i-need-a-claim 45 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/06_can_only_give_you_what_i_have.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 15Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 
| name: nginx-volumes 28 | labels: 29 | app: webapp 30 | role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | claimName: myclaim 45 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example7-solutions.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 10Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 | name: nginx-volumes 28 | labels: 29 | app: webapp 30 | role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | # Was using the wrong claim name 45 | claimName: myclaim 46 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/pod-downwardapi-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kubernetes-downwardapi-volume-example 5 | labels: 6 | zone: us-east-coast 7 | cluster: test-cluster1 8 | rack: rack-22 9 | annotations: 10 | build: two 11 | builder: john-doe 12 | spec: 13 | containers: 14 | - name: client-container 15 | image: gcr.io/google_containers/busybox 16 | command: ["sh", "-c", "while true; do if [[ -e 
/etc/labels ]]; then cat /etc/labels; fi; if [[ -e /etc/annotations ]]; then cat /etc/annotations; fi; sleep 5; done"] 17 | volumeMounts: 18 | - name: podinfo 19 | mountPath: /etc 20 | readOnly: false 21 | volumes: 22 | - name: podinfo 23 | downwardAPI: 24 | items: 25 | - path: "labels" 26 | fieldRef: 27 | fieldPath: metadata.labels 28 | - path: "annotations" 29 | fieldRef: 30 | fieldPath: metadata.annotations -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/solutions/example7-solutions.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: 10Gi 23 | --- 24 | apiVersion: v1 25 | kind: Pod 26 | metadata: 27 | name: nginx-volumes 28 | labels: 29 | app: webapp 30 | role: frontend 31 | spec: 32 | containers: 33 | - name: nginx 34 | image: nginx 35 | volumeMounts: 36 | - mountPath: /dataz 37 | name: my-pd 38 | env: 39 | - name: PORT 40 | value: "8080" 41 | volumes: 42 | - name: my-pd 43 | persistentVolumeClaim: 44 | # Was using the wrong claim name 45 | claimName: myclaim 46 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example6-solution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 
17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | # problem: PVC requested a PV with more storage than was available 23 | storage: 10Gi 24 | --- 25 | apiVersion: v1 26 | kind: Pod 27 | metadata: 28 | name: nginx-volumes 29 | labels: 30 | app: webapp 31 | role: frontend 32 | spec: 33 | containers: 34 | - name: nginx 35 | image: nginx 36 | volumeMounts: 37 | - mountPath: /dataz 38 | name: my-pd 39 | env: 40 | - name: PORT 41 | value: "8080" 42 | volumes: 43 | - name: my-pd 44 | persistentVolumeClaim: 45 | claimName: myclaim 46 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.2/ingress-command-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # Create backend service and pod 2 | ```shell 3 | kubectl create -f ingress-s1-example.yaml 4 | kubectl create -f ingress-s2-example.yaml 5 | kubectl get pods,svc,ep 6 | ``` 7 | # tail ingress-controller log file 8 | ```shell 9 | kubectl logs po/ -f 10 | ``` 11 | 12 | # Simple example 13 | ```shell 14 | kubectl create -f ingress-simple-example.yaml 15 | kubectl get ingress 16 | kubectl describe ingress 17 | curl 18 | ``` 19 | 20 | # Multi-path example 21 | ```shell 22 | kubectl create -f ingress-multipath-example.yaml 23 | curl http:/// 24 | curl http:/// 25 | ``` 26 | 27 | # Multi-host example 28 | ```shell 29 | kubectl create -f ingress-multihost-example.yaml 30 | curl http:// 31 | curl http:// 32 | ``` 33 | 34 | # TLS example 35 | ```shell 36 | kubectl create -f ingress-tls-secret.yaml 37 | kubectl create -f ingress-tls-example.yaml 38 | curl https:// 39 | ``` 40 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/solutions/example6-solution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name:
pv0001 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 10Gi 10 | hostPath: 11 | path: /dataz 12 | --- 13 | kind: PersistentVolumeClaim 14 | apiVersion: v1 15 | metadata: 16 | name: myclaim 17 | spec: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | # problem: PVC requested a PV with more storage than was available 23 | storage: 10Gi 24 | --- 25 | apiVersion: v1 26 | kind: Pod 27 | metadata: 28 | name: nginx-volumes 29 | labels: 30 | app: webapp 31 | role: frontend 32 | spec: 33 | containers: 34 | - name: nginx 35 | image: nginx 36 | volumeMounts: 37 | - mountPath: /dataz 38 | name: my-pd 39 | env: 40 | - name: PORT 41 | value: "8080" 42 | volumes: 43 | - name: my-pd 44 | persistentVolumeClaim: 45 | claimName: myclaim 46 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Webhook_Request_Body.json: -------------------------------------------------------------------------------- 1 | # When faced with an authorization decision, the API Server POSTs a JSON serialized api.authorization.v1beta1.SubjectAccessReview object describing the action. This object contains fields describing the user attempting to make the request, and either details about the resource being accessed or requests attributes. 2 | 3 | # Note that webhook API objects are subject to the same versioning compatibility rules as other Kubernetes API objects. Implementers should be aware of looser compatibility promises for beta objects and check the “apiVersion” field of the request to ensure correct deserialization. Additionally, the API Server must enable the authorization.k8s.io/v1beta1 API extensions group (--runtime-config=authorization.k8s.io/v1beta1=true). 
4 | 5 | { 6 | "apiVersion": "authorization.k8s.io/v1beta1", 7 | "kind": "SubjectAccessReview", 8 | "spec": { 9 | "resourceAttributes": { 10 | "namespace": "kittensandponies", 11 | "verb": "GET", 12 | "group": "unicorn.example.org", 13 | "resource": "pods" 14 | }, 15 | "user": "jane", 16 | "group": [ 17 | "group1", 18 | "group2" 19 | ] 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/daemonset-fluentd-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: fluentd-elasticsearch-v1 5 | namespace: kube-system 6 | labels: 7 | k8s-app: fluentd-logging 8 | version: v1 9 | kubernetes.io/cluster-service: "true" 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | k8s-app: fluentd-logging 15 | version: v1 16 | kubernetes.io/cluster-service: "true" 17 | spec: 18 | containers: 19 | - name: fluentd-elasticsearch 20 | image: gcr.io/google_containers/fluentd-elasticsearch:1.17 21 | resources: 22 | limits: 23 | memory: 200Mi 24 | requests: 25 | cpu: 100m 26 | memory: 200Mi 27 | volumeMounts: 28 | - name: varlog 29 | mountPath: /var/log 30 | - name: varlibdockercontainers 31 | mountPath: /var/lib/docker/containers 32 | readOnly: true 33 | terminationGracePeriodSeconds: 30 34 | volumes: 35 | - name: varlog 36 | hostPath: 37 | path: /var/log 38 | - name: varlibdockercontainers 39 | hostPath: 40 | path: /var/lib/docker/containers 41 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Webhook_Config_File_Exampla.yaml: -------------------------------------------------------------------------------- 1 | # Mode Webhook requires a file for HTTP configuration, specify by the --authorization-webhook-config-file=SOME_FILENAME flag. 2 | # The configuration file uses the kubeconfig file format. 
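Within the file “users” refers to the API Server webhook and “clusters” refers to the remote service. 3 | # A configuration example which uses HTTPS client auth: 4 | 5 | # clusters refers to the remote service. 6 | clusters: 7 | - name: name-of-remote-authz-service 8 | cluster: 9 | certificate-authority: /path/to/ca.pem # CA for verifying the remote service. 10 | server: https://authz.example.com/authorize # URL of remote service to query. Must use 'https'. 11 | 12 | # users refers to the API Server's webhook configuration. 13 | users: 14 | - name: name-of-api-server 15 | user: 16 | client-certificate: /path/to/cert.pem # cert for the webhook plugin to use 17 | client-key: /path/to/key.pem # key matching the cert; private key material, keep it readable only by the account that runs the API server 18 | 19 | # kubeconfig files require a context. Provide one for the API Server. 20 | current-context: webhook 21 | contexts: 22 | - context: 23 | cluster: name-of-remote-authz-service 24 | user: name-of-api-server # must equal the entry name under users, otherwise the client certificate above is never selected 25 | name: webhook 26 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.3/storageclass-aws-ebs-example.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1beta1 3 | metadata: 4 | name: slow 5 | provisioner: kubernetes.io/aws-ebs 6 | parameters: 7 | ## Select from io1, gp2, sc1, st1. The default is gp2 8 | type: io1 9 | ## AWS zone. If not specified, the zone is randomly selected from zones available in the 10 | ## region. 11 | zone: us-east-1d 12 | ## Only for io1 volumes. I/O operations per second per GiB. The AWS volume plug-in 13 | ## multiplies this with the size of the requested volume to compute IOPS of the volume. 14 | ## The value cap is 20,000 IOPS, which is the maximum supported by AWS. See AWS 15 | ## documentation for further details.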
16 | iopsPerGB: "10" 17 | ## Denotes whether to encrypt the EBS volume 18 | encrypted: true 19 | ## (optional) The full Amazon Resource Name (ARN) of the key to use 20 | ## when encrypting the volume. If none is supplied but encrypted is true, AWS generates a key 21 | # kmsKeyId: keyvalue 22 | 23 | --- 24 | kind: PersistentVolumeClaim 25 | apiVersion: v1 26 | metadata: 27 | name: data 28 | annotations: 29 | volume.beta.kubernetes.io/storage-class: "slow" 30 | spec: 31 | accessModes: 32 | - ReadWriteOnce 33 | resources: 34 | requests: 35 | storage: 8Gi 36 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Custom_Module_Example: -------------------------------------------------------------------------------- 1 | # Kubernetes exposes the subjectaccessreviews.v1beta1.authorization.k8s.io resource as a normal resource that allows external access to API authorizer decisions. No matter which authorizer you choose to use, you can issue a POST with a SubjectAccessReview just like the webhook authorizer to the apis/authorization.k8s.io/v1beta1/subjectaccessreviews endpoint and get back a response. 
For instance: 2 | 3 | 4 | kubectl create --v=8 -f - << __EOF__ 5 | { 6 | "apiVersion": "authorization.k8s.io/v1beta1", 7 | "kind": "SubjectAccessReview", 8 | "spec": { 9 | "resourceAttributes": { 10 | "namespace": "kittensandponies", 11 | "verb": "GET", 12 | "group": "unicorn.example.org", 13 | "resource": "pods" 14 | }, 15 | "user": "jane", 16 | "group": [ 17 | "group1", 18 | "group2" 19 | ] 20 | } 21 | } 22 | __EOF__ 23 | 24 | --- snip lots of output --- 25 | 26 | I0913 08:12:31.362873 27425 request.go:908] Response Body: {"kind":"SubjectAccessReview","apiVersion":"authorization.k8s.io/v1beta1","metadata":{"creationTimestamp":null},"spec":{"resourceAttributes":{"namespace":"kittensandponies","verb":"GET","group":"unicorn.example.org","resource":"pods"},"user":"jane","group":["group1","group2"]},"status":{"allowed":true}} 27 | subjectaccessreview "" created 28 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/statefulset-with-headless-service-example.yaml: -------------------------------------------------------------------------------- 1 | # A headless service to create DNS records 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: nginx 6 | labels: 7 | app: nginx 8 | spec: 9 | ports: 10 | - port: 80 11 | name: web 12 | # *.nginx.default.svc.cluster.local 13 | # DNS managed by the PetSet API, not the normal Service API 14 | clusterIP: None 15 | selector: 16 | app: nginx 17 | --- 18 | apiVersion: apps/v1beta1 19 | kind: StatefulSet 20 | metadata: 21 | name: web 22 | spec: 23 | serviceName: "nginx" 24 | replicas: 2 25 | template: 26 | metadata: 27 | labels: 28 | app: nginx 29 | annotations: 30 | pod.alpha.kubernetes.io/initialized: "true" 31 | spec: 32 | terminationGracePeriodSeconds: 0 33 | containers: 34 | - name: nginx 35 | image: gcr.io/google_containers/nginx-slim:0.8 36 | ports: 37 | - containerPort: 80 38 | name: web 39 | volumeMounts: 40 | - name: www 41 | mountPath: 
/usr/share/nginx/html 42 | volumeClaimTemplates: 43 | - metadata: 44 | name: www 45 | annotations: 46 | volume.alpha.kubernetes.io/storage-class: anything 47 | spec: 48 | accessModes: [ "ReadWriteOnce" ] 49 | resources: 50 | requests: 51 | storage: 1Gi 52 | -------------------------------------------------------------------------------- /k01_kubernetes_fundamentals/k8s-command-cheatsheet.md: -------------------------------------------------------------------------------- 1 | # minikube 2 | ```shell 3 | minikube start 4 | minikube addons list 5 | minikube service list 6 | minikube dashboard 7 | ``` 8 | 9 | # config 10 | ```shell 11 | cat ~/.kube/config 12 | kubectl config get-contexts 13 | kubectl config view 14 | ``` 15 | 16 | # completion 17 | ```shell 18 | kubectl completion bash 19 | ``` 20 | 21 | # nodes 22 | ```shell 23 | kubectl get nodes 24 | kubectl get nodes --show-labels 25 | kubectl describe nodes minikube 26 | kubectl label nodes minikube disktype=ssd 27 | kubectl label nodes minikube disktype- 28 | ``` 29 | # port-foward 30 | ```shell 31 | kubectl port-forward croc-hunter 8080:8080 32 | ``` 33 | 34 | # exec 35 | ```shell 36 | kubectl exec -it croc-hunter /bin/sh 37 | ``` 38 | 39 | # create 40 | ```shell 41 | kubectl create namespace croc-hunter 42 | ``` 43 | 44 | # get 45 | ``` 46 | kubectl get pods 47 | kubectl get pods -n kube-system 48 | kubectl get pods -o wide 49 | kubectl describe pods kube-dns-v20-h15vs -n kube-system 50 | kubectl get deploy,rs,pods 51 | kubectl get pods croc-hunter -o yaml 52 | kubectl get pods croc-hunter -o yaml 53 | kubectl get svc,ep 54 | ``` 55 | 56 | # delete 57 | ``` 58 | kubectl delete pod redis-1828427801-rm9nd 59 | ``` 60 | 61 | # scale 62 | ```shell 63 | kubectl scale deploy redis --replicas=3 64 | ``` 65 | 66 | # explain 67 | ``` 68 | kubectl explain pods 69 | ``` 70 | 71 | # run 72 | ``` 73 | kubectl run redis --image=redis 74 | kubectl run -i -t busybox --image=busybox --restart=Never 75 | ``` 76 | 77 | # base64 
78 | ```shell 79 | echo "YWRtaW4=" | base64 -D 80 | echo "admin" | base64 81 | ``` -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M04/4.1/writing-a-daemonset-spec.yaml: -------------------------------------------------------------------------------- 1 | # DaemonSet needs apiVersion, kind, and metadata fields 2 | 3 | # Running Pods on Only Some Nodes 4 | # If you specify a .spec.template.spec.nodeSelector, then the DaemonSet controller 5 | # will create pods on nodes which match that node selector. If you specify a 6 | # scheduler.alpha.kubernetes.io/affinity annotation in .spec.template.metadata.annotations 7 | # then DaemonSet controller will create pods on nodes which match that node affinity. 8 | # If you do not specify a .spec.template.spec.nodeSelector nor node affinity 9 | # then the DaemonSet controller will create pods on all nodes. 10 | 11 | apiVersion: extensions/v1beta1 12 | kind: DaemonSet 13 | metadata: 14 | name: lekube 15 | namespace: default 16 | spec: 17 | # The spec.selector is an object consisting of two fields: matchLabels and matchExpressions 18 | # If the .spec.selector is specified, it must match the .spec.template.metadata.labels. 19 | # If not specified, they are defaulted to be equal. 20 | # Config with these not matching will be rejected by the API.
21 | selector: 22 | matchLabels: 23 | app: lekube 24 | # The .spec.template is the only required field of the .spec 25 | template: 26 | metadata: 27 | name: lekube 28 | labels: 29 | app: lekube 30 | spec: 31 | serviceAccount: lekube 32 | containers: 33 | - name: lekube 34 | image: jsingerdumars/lekube:latest # NOTE(review): mutable tag, re-pulled on every start (imagePullPolicy: Always); pin a version or digest so a privileged image cannot change unreviewed 35 | imagePullPolicy: Always 36 | securityContext: 37 | privileged: true # NOTE(review): privileged removes most container isolation from the host; no nodeSelector is set, so this runs on every node - keep it only if the workload needs it 38 | volumeMounts: 39 | - name: dockersocket 40 | mountPath: /run/docker.sock # host Docker socket, from the hostPath volume below 41 | env: 42 | - name: LOGENTRIES_TOKEN 43 | value: xxxxxxxxxx # placeholder token; a literal env value is readable by anyone who can view this manifest or the Pod spec, so prefer valueFrom.secretKeyRef 44 | volumes: 45 | - name: dockersocket 46 | hostPath: 47 | path: /var/run/docker.sock # NOTE(review): access to the Docker socket allows control of every container on the node; mount it only for trusted workloads 48 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M05/kubectl_examples: -------------------------------------------------------------------------------- 1 | kubectl run nginx --image=nginx --replicas=1 2 | kubectl expose deployment nginx --port=80 --target-port=8000 3 | kubectl annotate deployment nginx key='value' 4 | kubectl autoscale deployment nginx --min=3 --max=5 --cpu-percent=20 5 | kubectl create -f 6 | kubectl create -f . 7 | kubectl delete -f 8 | kubectl delete --all 9 | kubectl delete -f .
10 | kubectl edit deployment nginx 11 | kubectl get pods -o wide 12 | kubectl get pods,svc,ep 13 | kubectl get pod -o yaml 14 | kubectl label pods nginx unhealthy=true 15 | kubectl label pods --all status=unhealthy 16 | kubectl label pods nginx unhealthy 17 | kubectl patch deployment nginx -p '{"spec":{"containers":[{"name":"nginx","image":"new image"}]}}' 18 | kubectl patch deployment nginx --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"new image"}]' 19 | kubectl replace -f ./pod.json 20 | kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2 21 | kubectl rolling-update frontend-v1 frontend-v2 --rollback 22 | kubectl rollout status deploy/nginx 23 | kubectl rollout history deploy/nginx 24 | kubectl rollout undo deploy/nginx --to-revision=1 25 | kubectl scale --replicas=1 deployment/nginx 26 | kubectl set image deployment/nginx nginx=nginx:1.9.1 27 | kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0 28 | kubectl apply -f ./pod.json 29 | kubectl attach nginx 30 | kubectl attach nginx -i -t 31 | kubectl cp /tmp/foo /:/tmp/bar 32 | Kubectl describe deploy/nginx 33 | kubectl exec -it nginx /bin/sh 34 | kubectl logs nginx 35 | kubectl logs -p nginx 36 | kubectl logs -f nginx 37 | kubectl logs --tail=20 nginx 38 | kubectl logs --since=1h nginx 39 | kubectl port-forward mypod 5000 6000 40 | kubectl port-forward mypod 5000:8080 6000:8081 41 | kubectl proxy --port=8080 42 | kubectl top pod 43 | kubectl top node 44 | kubectl cluster-info dump 45 | kubectl taint nodes foo dedicated=special-user:NoSchedule 46 | kubectl version 47 | kubectl version --client 48 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/authz and authn/Policy_JSON_Example4: -------------------------------------------------------------------------------- 1 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": 
{"group":"system:authenticated", "nonResourcePath": "*", "readonly": true}} 2 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:unauthenticated", "nonResourcePath": "*", "readonly": true}} 3 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*" }} 4 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"scheduler", "namespace": "*", "resource": "pods", "readonly": true }} 5 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"scheduler", "namespace": "*", "resource": "bindings" }} 6 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "pods", "readonly": true }} 7 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "services", "readonly": true }} 8 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "endpoints", "readonly": true }} 9 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "events" }} 10 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"alice", "namespace": "projectCaribou", "resource": "*", "apiGroup": "*" }} 11 | {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"bob", "namespace": "projectCaribou", "resource": "*", "apiGroup": "*", "readonly": true }} 12 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example8-solution.yaml: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env 
bash 2 | 3 | # Copyright 2016 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Run the CockroachDB StatefulSet example on a minikube instance. 18 | # 19 | # For a fresh start, run the following first: 20 | # minikube delete 21 | # minikube start 22 | # 23 | # To upgrade minikube & kubectl on OSX, the following should suffice: 24 | # brew reinstall kubernetes-cli --devel 25 | # url -Lo minikube \ 26 | # https://storage.googleapis.com/minikube/releases/v0.4.0/minikube-darwin-amd64 && \ 27 | # chmod +x minikube && sudo mv minikube /usr/local/bin/ 28 | 29 | set -exuo pipefail 30 | 31 | # Clean up anything from a prior run: 32 | kubectl delete statefulsets,persistentvolumes,persistentvolumeclaims,services,poddisruptionbudget -l app=cockroachdb 33 | 34 | # Make persistent volumes and (correctly named) claims. We must create the 35 | # claims here manually even though that sounds counter-intuitive. For details 36 | # see https://github.com/kubernetes/contrib/pull/1295#issuecomment-230180894. 37 | # Note that we make an extra volume here so you can manually test scale-up. 
38 | for i in $(seq 0 3); do 39 | cat < 18 | 19 | kind: Deployment 20 | apiVersion: extensions/v1beta1 21 | metadata: 22 | labels: 23 | app: kubernetes-dashboard 24 | name: kubernetes-dashboard 25 | namespace: kube-system 26 | spec: 27 | replicas: 1 28 | revisionHistoryLimit: 10 29 | selector: 30 | matchLabels: 31 | app: kubernetes-dashboard 32 | template: 33 | metadata: 34 | labels: 35 | app: kubernetes-dashboard 36 | # Comment the following annotation if Dashboard must not be deployed on master 37 | annotations: 38 | scheduler.alpha.kubernetes.io/tolerations: | 39 | [ 40 | { 41 | "key": "dedicated", 42 | "operator": "Equal", 43 | "value": "master", 44 | "effect": "NoSchedule" 45 | } 46 | ] 47 | spec: 48 | containers: 49 | - name: kubernetes-dashboard 50 | image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.0 51 | imagePullPolicy: Always 52 | ports: 53 | - containerPort: 9090 54 | protocol: TCP 55 | args: 56 | # Uncomment the following line to manually specify Kubernetes API server Host 57 | # If not specified, Dashboard will attempt to auto discover the API server and connect 58 | # to it. Uncomment only if the default does not work. 
59 | # - --apiserver-host=http://my-address:port 60 | livenessProbe: 61 | httpGet: 62 | path: / 63 | port: 9090 64 | initialDelaySeconds: 30 65 | timeoutSeconds: 30 66 | --- 67 | kind: Service 68 | apiVersion: v1 69 | metadata: 70 | labels: 71 | app: kubernetes-dashboard 72 | name: kubernetes-dashboard 73 | namespace: kube-system 74 | spec: 75 | type: NodePort # NOTE(review): NodePort opens this Service on a port of every node; nothing in this manifest adds TLS or authentication in front of the dashboard (container port 9090), so restrict who can reach the node ports or use ClusterIP with kubectl proxy 76 | ports: 77 | - port: 80 78 | targetPort: 9090 79 | selector: 80 | app: kubernetes-dashboard 81 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/example3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-master 5 | labels: 6 | app: redis-master 7 | tier: backend 8 | role: master 9 | spec: 10 | ports: 11 | # the port that this service should serve on 12 | - port: 6379 13 | targetPort: 6379 14 | selector: 15 | app: redis 16 | tier: backend 17 | role: master 18 | --- 19 | apiVersion: extensions/v1beta1 20 | kind: Deployment 21 | metadata: 22 | name: redis-master 23 | # labels: 24 | # app: redis 25 | # role: master 26 | # tier: backend 27 | spec: 28 | # this replicas value is default 29 | # modify it according to your case 30 | replicas: 1 31 | # selector: 32 | # matchLabels: 33 | # app: guestbook 34 | # role: master 35 | # tier: backend 36 | template: 37 | metadata: 38 | labels: 39 | app: redis 40 | role: master 41 | tier: backend 42 | spec: 43 | containers: 44 | - name: master 45 | image: gcr.io/google_containers/redis 46 | resources: 47 | requests: 48 | cpu: 100m 49 | memory: 100Mi 50 | ports: 51 | - containerPort: 6379 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: redis-slave 57 | labels: 58 | app: redis-slave 59 | tier: backend 60 | role: slave 61 | spec: 62 | ports: 63 | # the port that this service should serve on 64 | - port: 6379 65 | selector: 66 | app: redis 67 | tier: backend 68 | role: slave 69 | ---
70 | apiVersion: extensions/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: redis-slave 74 | # labels: 75 | # app: redis 76 | # role: slave 77 | # tier: backend 78 | spec: 79 | replicas: 2 80 | template: 81 | metadata: 82 | labels: 83 | app: redis 84 | role: slave 85 | tier: backend 86 | spec: 87 | containers: 88 | - name: slave 89 | image: gcr.io/google_samples/gb-redisslave:v1 90 | resources: 91 | requests: 92 | cpu: 100m 93 | memory: 100Mi 94 | env: 95 | - name: GET_HOSTS_FROM 96 | value: dns 97 | # value: env 98 | ports: 99 | - containerPort: 6379 100 | --- 101 | apiVersion: v1 102 | kind: Service 103 | metadata: 104 | name: frontend 105 | labels: 106 | app: guestbook 107 | tier: frontend 108 | spec: 109 | type: NodePort 110 | ports: 111 | - port: 80 112 | selector: 113 | app: guestbook 114 | tier: frontend 115 | --- 116 | apiVersion: extensions/v1beta1 117 | kind: Deployment 118 | metadata: 119 | name: frontend 120 | labels: 121 | app: guestbook 122 | tier: frontend 123 | spec: 124 | replicas: 3 125 | selector: 126 | matchLabels: 127 | app: 128 | tier: 129 | template: 130 | metadata: 131 | labels: 132 | app: 133 | tier: 134 | spec: 135 | containers: 136 | - name: php-redis 137 | image: gcr.io/google-samples/gb-frontend:v4 138 | resources: 139 | requests: 140 | cpu: 100m 141 | memory: 100Mi 142 | env: 143 | - name: GET_HOSTS_FROM 144 | value: dns 145 | # value: env 146 | ports: 147 | - containerPort: 80 148 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/03_labels_and_services_oh_my.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-master 5 | labels: 6 | app: redis-master 7 | tier: backend 8 | role: master 9 | spec: 10 | ports: 11 | # the port that this service should serve on 12 | - port: 6379 13 | targetPort: 6379 14 | selector: 15 | app: redis 16 | tier: 
backend 17 | role: master 18 | --- 19 | apiVersion: extensions/v1beta1 20 | kind: Deployment 21 | metadata: 22 | name: redis-master 23 | # labels: 24 | # app: redis 25 | # role: master 26 | # tier: backend 27 | spec: 28 | # this replicas value is default 29 | # modify it according to your case 30 | replicas: 1 31 | # selector: 32 | # matchLabels: 33 | # app: guestbook 34 | # role: master 35 | # tier: backend 36 | template: 37 | metadata: 38 | labels: 39 | app: redis 40 | role: master 41 | tier: backend 42 | spec: 43 | containers: 44 | - name: master 45 | image: gcr.io/google_containers/redis 46 | resources: 47 | requests: 48 | cpu: 100m 49 | memory: 100Mi 50 | ports: 51 | - containerPort: 6379 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: redis-slave 57 | labels: 58 | app: redis-slave 59 | tier: backend 60 | role: slave 61 | spec: 62 | ports: 63 | # the port that this service should serve on 64 | - port: 6379 65 | selector: 66 | app: redis 67 | tier: backend 68 | role: slave 69 | --- 70 | apiVersion: extensions/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: redis-slave 74 | # labels: 75 | # app: redis 76 | # role: slave 77 | # tier: backend 78 | spec: 79 | replicas: 2 80 | template: 81 | metadata: 82 | labels: 83 | app: redis 84 | role: slave 85 | tier: backend 86 | spec: 87 | containers: 88 | - name: slave 89 | image: gcr.io/google_samples/gb-redisslave:v1 90 | resources: 91 | requests: 92 | cpu: 100m 93 | memory: 100Mi 94 | env: 95 | - name: GET_HOSTS_FROM 96 | value: dns 97 | # value: env 98 | ports: 99 | - containerPort: 6379 100 | --- 101 | apiVersion: v1 102 | kind: Service 103 | metadata: 104 | name: frontend 105 | labels: 106 | app: guestbook 107 | tier: frontend 108 | spec: 109 | type: NodePort 110 | ports: 111 | - port: 80 112 | selector: 113 | app: guestbook 114 | tier: frontend 115 | --- 116 | apiVersion: extensions/v1beta1 117 | kind: Deployment 118 | metadata: 119 | name: frontend 120 | labels: 121 | app: guestbook 
122 | tier: frontend 123 | spec: 124 | replicas: 3 125 | selector: 126 | matchLabels: 127 | app: 128 | tier: 129 | template: 130 | metadata: 131 | labels: 132 | app: 133 | tier: 134 | spec: 135 | containers: 136 | - name: php-redis 137 | image: gcr.io/google-samples/gb-frontend:v4 138 | resources: 139 | requests: 140 | cpu: 100m 141 | memory: 100Mi 142 | env: 143 | - name: GET_HOSTS_FROM 144 | value: dns 145 | # value: env 146 | ports: 147 | - containerPort: 80 148 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06/6.3/solutions/example3-solution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-master 5 | labels: 6 | app: redis 7 | tier: backend 8 | role: master 9 | spec: 10 | ports: 11 | # the port that this service should serve on 12 | - port: 6379 13 | targetPort: 6379 14 | selector: 15 | app: redis 16 | tier: backend 17 | role: master 18 | --- 19 | apiVersion: extensions/v1beta1 20 | kind: Deployment 21 | metadata: 22 | name: redis-master 23 | # labels: 24 | # app: redis 25 | # role: master 26 | # tier: backend 27 | spec: 28 | # this replicas value is default 29 | # modify it according to your case 30 | replicas: 1 31 | # selector: 32 | # matchLabels: 33 | # app: guestbook 34 | # role: master 35 | # tier: backend 36 | template: 37 | metadata: 38 | labels: 39 | app: redis 40 | role: master 41 | tier: backend 42 | spec: 43 | containers: 44 | - name: master 45 | image: gcr.io/google_containers/redis 46 | resources: 47 | requests: 48 | cpu: 100m 49 | memory: 100Mi 50 | ports: 51 | - containerPort: 6379 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: redis-slave 57 | labels: 58 | app: redis 59 | tier: backend 60 | role: slave 61 | spec: 62 | ports: 63 | # the port that this service should serve on 64 | - port: 6379 65 | selector: 66 | app: redis 67 | tier: backend 68 | role: 
slave 69 | --- 70 | apiVersion: extensions/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: redis-slave 74 | # labels: 75 | # app: redis 76 | # role: slave 77 | # tier: backend 78 | spec: 79 | replicas: 2 80 | template: 81 | metadata: 82 | labels: 83 | app: redis 84 | role: slave 85 | tier: backend 86 | spec: 87 | containers: 88 | - name: slave 89 | image: gcr.io/google_samples/gb-redisslave:v1 90 | resources: 91 | requests: 92 | cpu: 100m 93 | memory: 100Mi 94 | env: 95 | - name: GET_HOSTS_FROM 96 | value: dns 97 | # value: env 98 | ports: 99 | - containerPort: 6379 100 | --- 101 | apiVersion: v1 102 | kind: Service 103 | metadata: 104 | name: frontend 105 | labels: 106 | app: guestbook 107 | tier: frontend 108 | spec: 109 | # type: LoadBalancer 110 | ports: 111 | - port: 80 112 | selector: 113 | app: guestbook 114 | tier: frontend 115 | --- 116 | apiVersion: extensions/v1beta1 117 | kind: Deployment 118 | metadata: 119 | name: frontend 120 | # labels: 121 | # app: guestbook 122 | # tier: frontend 123 | spec: 124 | replicas: 3 125 | # selector: 126 | # matchLabels: 127 | # app: guestbook 128 | # tier: frontend 129 | template: 130 | metadata: 131 | labels: 132 | app: guestbook 133 | tier: frontend 134 | spec: 135 | containers: 136 | - name: php-redis 137 | image: gcr.io/google-samples/gb-frontend:v4 138 | resources: 139 | requests: 140 | cpu: 100m 141 | memory: 100Mi 142 | env: 143 | - name: GET_HOSTS_FROM 144 | value: dns 145 | # value: env 146 | ports: 147 | - containerPort: 80 148 | -------------------------------------------------------------------------------- /k02_advanced_kubernetes/M06_advanced_troubleshooting/solutions/example3-solution.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-master 5 | labels: 6 | app: redis 7 | tier: backend 8 | role: master 9 | spec: 10 | ports: 11 | # the port that this service should serve on 12 | - port: 6379 13 | 
targetPort: 6379 14 | selector: 15 | app: redis 16 | tier: backend 17 | role: master 18 | --- 19 | apiVersion: extensions/v1beta1 20 | kind: Deployment 21 | metadata: 22 | name: redis-master 23 | # labels: 24 | # app: redis 25 | # role: master 26 | # tier: backend 27 | spec: 28 | # this replicas value is default 29 | # modify it according to your case 30 | replicas: 1 31 | # selector: 32 | # matchLabels: 33 | # app: guestbook 34 | # role: master 35 | # tier: backend 36 | template: 37 | metadata: 38 | labels: 39 | app: redis 40 | role: master 41 | tier: backend 42 | spec: 43 | containers: 44 | - name: master 45 | image: gcr.io/google_containers/redis 46 | resources: 47 | requests: 48 | cpu: 100m 49 | memory: 100Mi 50 | ports: 51 | - containerPort: 6379 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: redis-slave 57 | labels: 58 | app: redis 59 | tier: backend 60 | role: slave 61 | spec: 62 | ports: 63 | # the port that this service should serve on 64 | - port: 6379 65 | selector: 66 | app: redis 67 | tier: backend 68 | role: slave 69 | --- 70 | apiVersion: extensions/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: redis-slave 74 | # labels: 75 | # app: redis 76 | # role: slave 77 | # tier: backend 78 | spec: 79 | replicas: 2 80 | template: 81 | metadata: 82 | labels: 83 | app: redis 84 | role: slave 85 | tier: backend 86 | spec: 87 | containers: 88 | - name: slave 89 | image: gcr.io/google_samples/gb-redisslave:v1 90 | resources: 91 | requests: 92 | cpu: 100m 93 | memory: 100Mi 94 | env: 95 | - name: GET_HOSTS_FROM 96 | value: dns 97 | # value: env 98 | ports: 99 | - containerPort: 6379 100 | --- 101 | apiVersion: v1 102 | kind: Service 103 | metadata: 104 | name: frontend 105 | labels: 106 | app: guestbook 107 | tier: frontend 108 | spec: 109 | # type: LoadBalancer 110 | ports: 111 | - port: 80 112 | selector: 113 | app: guestbook 114 | tier: frontend 115 | --- 116 | apiVersion: extensions/v1beta1 117 | kind: Deployment 118 | 
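metadata:
  name: frontend
  # labels:
  #   app: guestbook
  #   tier: frontend
spec:
  replicas: 3
  # selector:
  #   matchLabels:
  #     app: guestbook
  #     tier: frontend
  template:
    metadata:
      labels:
        app: guestbook
        tier: frontend
    spec:
      containers:
      - name: php-redis
        image: gcr.io/google-samples/gb-frontend:v4
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GET_HOSTS_FROM
          value: dns
          # value: env
        ports:
        - containerPort: 80

--------------------------------------------------------------------------------
/k02_advanced_kubernetes/M04/4.2/ingress-tls-secret.yaml:
--------------------------------------------------------------------------------
# TLS certificate/key pair referenced by the Ingress TLS example.
# NOTE(review): tls.key holds the certificate's private key. Secret `data`
# values are only base64-encoded, so a key committed here is readable by
# anyone with access to the repository. Keep only a throwaway self-signed
# pair in a lab manifest; otherwise create the Secret out of band
# (e.g. `kubectl create secret tls`) and keep the key out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: croc-hunter-tls
data:
  tls.crt: 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
  tls.key: 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
type: kubernetes.io/tls
--------------------------------------------------------------------------------
/k02_advanced_kubernetes/M04/4.1/statefulset-example-zookeeper.yaml:
--------------------------------------------------------------------------------
# After applying this manifest, watch the pods come up with:
#   kubectl get pods -w -l app=zk

# Headless Service (clusterIP: None) for the server and leader-election ports.
apiVersion: v1
kind: Service
metadata:
  name: zk-headless
  labels:
    app: zk-headless
spec:
  ports:
  - port: 2888
    name: server
  - port: 3888
    name: leader-election
  clusterIP: None
  selector:
    app: zk
---
# Settings injected into the container as ZK_* environment variables below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: zk-config
data:
  ensemble: "zk-0;zk-1;zk-2"
  jvm.heap: "2G"
  tick: "2000"
  init: "10"
  sync: "5"
  client.cnxns: "60"
  snap.retain: "3"
  purge.interval: "1"
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: zk-budget
spec:
  selector:
    matchLabels:
      app: zk
  minAvailable: 2
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: zk
spec:
  serviceName: zk-headless
  replicas: 3
  template:
    metadata:
      labels:
        app: zk
      annotations:
        pod.alpha.kubernetes.io/initialized: "true"
        # NOTE(review): this anti-affinity term selects pods labelled
        # app=zk-headless, but the pods of this StatefulSet are labelled app=zk
        # (zk-headless is the Service's label), so as written it does not keep
        # replicas on separate nodes. The term name
        # "requiredDuringSchedulingRequiredDuringExecution" also looks
        # unsupported by the scheduler; verify both before relying on this for
        # availability. Correcting them on a single-node lab cluster would
        # leave replicas Pending.
        scheduler.alpha.kubernetes.io/affinity: >
            {
              "podAntiAffinity": {
                "requiredDuringSchedulingRequiredDuringExecution": [{
                  "labelSelector": {
                    "matchExpressions": [{
                      "key": "app",
                      "operator": "In",
                      "values": ["zk-headless"]
                    }]
                  },
                  "topologyKey": "kubernetes.io/hostname"
                }]
              }
            }
    spec:
      containers:
      - name: k8szk
        imagePullPolicy: Always
        image: gcr.io/google_samples/k8szk:v1
        resources:
          requests:
            memory: "4Gi"
            cpu: "1"
        ports:
        - containerPort: 2181
          name: client
        - containerPort: 2888
          name: server
        - containerPort: 3888
          name: leader-election
        env:
        - name: ZK_ENSEMBLE
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: ensemble
        - name: ZK_HEAP_SIZE
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: jvm.heap
        - name: ZK_TICK_TIME
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: tick
        - name: ZK_INIT_LIMIT
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: init
        # The sync limit is read from the `sync` key. It previously pointed at
        # `tick`, which set the limit to 2000 and left `sync: "5"` unused.
        - name: ZK_SYNC_LIMIT
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: sync
        - name: ZK_MAX_CLIENT_CNXNS
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: client.cnxns
        - name: ZK_SNAP_RETAIN_COUNT
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: snap.retain
        - name: ZK_PURGE_INTERVAL
          valueFrom:
            configMapKeyRef:
              name: zk-config
              key: purge.interval
        - name: ZK_CLIENT_PORT
          value: "2181"
        - name: ZK_SERVER_PORT
          value: "2888"
        - name: ZK_ELECTION_PORT
          value: "3888"
        command:
        - sh
        - -c
        - zkGenConfig.sh && zkServer.sh start-foreground
        readinessProbe:
          exec:
            command:
            - "zkOk.sh"
          initialDelaySeconds: 15
          timeoutSeconds: 5
        livenessProbe:
          exec:
            command:
            - "zkOk.sh"
          initialDelaySeconds: 15
          timeoutSeconds: 5
        volumeMounts:
        - name: datadir
          mountPath: /var/lib/zookeeper
      # Run as a non-root UID; fsGroup sets group ownership of the data volume.
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
  volumeClaimTemplates:
  - metadata:
      name: datadir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 20Gi

--------------------------------------------------------------------------------
/k02_advanced_kubernetes/M06/6.3/example8.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  # This service is meant to be used by clients of the database. It exposes a ClusterIP that will
  # automatically load balance connections to the different database pods.
  name: cockroachdb-public
  labels:
    app: cockroachdb
spec:
  ports:
  # The main port, served by gRPC, serves Postgres-flavor SQL, internode
  # traffic and the cli.
  - port: 26257
    targetPort: 26257
    name: grpc
  # The secondary port serves the UI as well as health and debug endpoints.
  - port: 8080
    targetPort: 8080
    name: http
  selector:
    app: cockroachdb
---
apiVersion: v1
kind: Service
metadata:
  # This service only exists to create DNS entries for each pod in the stateful
  # set such that they can resolve each other's IP addresses. It does not
  # create a load-balanced ClusterIP and should not be used directly by clients
  # in most circumstances.
  name: cockroachdb
  labels:
    app: cockroachdb
  annotations:
    # This is needed to make the peer-finder work properly and to help avoid
    # edge cases where instance 0 comes up after losing its data and needs to
    # decide whether it should create a new cluster or try to join an existing
    # one. If it creates a new cluster when it should have joined an existing
    # one, we'd end up with two separate clusters listening at the same service
    # endpoint, which would be very bad.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    # Enable automatic monitoring of all instances when Prometheus is running in the cluster.
    prometheus.io/scrape: "true"
    prometheus.io/path: "_status/vars"
    prometheus.io/port: "8080"
spec:
  ports:
  - port: 26257
    targetPort: 26257
    name: grpc
  - port: 8080
    targetPort: 8080
    name: http
  clusterIP: None
  selector:
    app: cockroachdb
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: cockroachdb-budget
  labels:
    app: cockroachdb
spec:
  selector:
    matchLabels:
      app: cockroachdb
  minAvailable: 67%
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: cockroachdb
spec:
  serviceName: "cockroachdb"
  replicas: 3
  template:
    metadata:
      labels:
        app: cockroachdb
      annotations:
        scheduler.alpha.kubernetes.io/affinity: >
            {
              "podAntiAffinity": {
                "preferredDuringSchedulingIgnoredDuringExecution": [{
                  "weight": 100,
                  "labelSelector": {
                    "matchExpressions": [{
                      "key": "app",
                      "operator": "In",
                      "values": ["cockroachdb"]
                    }]
                  },
                  "topologyKey": "kubernetes.io/hostname"
                }]
              }
            }
        # Init containers are run only once in the lifetime of a pod, before
        # it's started up for the first time. It has to exit successfully
        # before the pod's main containers are allowed to start.
        # This particular init container does a DNS lookup for other pods in
        # the set to help determine whether or not a cluster already exists.
        # If any other pods exist, it creates a file in the cockroach-data
        # directory to pass that information along to the primary container that
        # has to decide what command-line flags to use when starting CockroachDB.
        # This only matters when a pod's persistent volume is empty - if it has
        # data from a previous execution, that data will always be used.
        pod.alpha.kubernetes.io/init-containers: '[
            {
                "name": "bootstrap",
                "image": "cockroachdb/cockroach-k8s-init:0.1",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "-on-start=/on-start.sh",
                  "-service=cockroachdb"
                ],
                "env": [
                  {
                      "name": "POD_NAMESPACE",
                      "valueFrom": {
                          "fieldRef": {
                              "apiVersion": "v1",
                              "fieldPath": "metadata.namespace"
                          }
                      }
                   }
                ],
                "volumeMounts": [
                    {
                        "name": "datadir",
                        "mountPath": "/cockroach/cockroach-data"
                    }
                ]
            }
          ]'
    spec:
      containers:
      - name: cockroachdb
        # Runs the master branch. Not recommended for production, but since
        # CockroachDB is in Beta, you don't want to run it in production
        # anyway. See
        # https://hub.docker.com/r/cockroachdb/cockroach/tags/
        # if you prefer to run a beta release.
        # NOTE(review): no tag or digest is given, so this resolves to `latest`;
        # with imagePullPolicy IfNotPresent different nodes can keep different
        # builds. Pin a tag or digest for anything beyond a lab.
        image: cockroachdb/cockroach
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 26257
          name: grpc
        - containerPort: 8080
          name: http
        volumeMounts:
        - name: datadir
          mountPath: /cockroach/cockroach-data
        # NOTE(review): --insecure starts CockroachDB without TLS or
        # authentication, and --http-host 0.0.0.0 serves the UI/debug endpoints
        # on every pod interface. Lab use only; a real deployment needs secure
        # mode with certificates and a NetworkPolicy limiting who can reach
        # ports 26257 and 8080.
        command:
          - "/bin/bash"
          - "-ecx"
          - |
            # The use of qualified `hostname -f` is crucial:
            # Other nodes aren't able to look up the unqualified hostname.
            CRARGS=("start" "--logtostderr" "--insecure" "--host" "$(hostname -f)" "--http-host" "0.0.0.0")
            # We only want to initialize a new cluster (by omitting the join flag)
            # if we're sure that we're the first node (i.e. index 0) and that
            # there aren't any other nodes running as part of the cluster that
            # this is supposed to be a part of (which indicates that a cluster
            # already exists and we should make sure not to create a new one).
            # It's fine to run without --join on a restart if there aren't any
            # other nodes.
            if [ ! "$(hostname)" == "cockroachdb-0" ] || \
               [ -e "/cockroach/cockroach-data/cluster_exists_marker" ]
            then
              # We don't join cockroachdb in order to avoid a node attempting
              # to join itself, which currently doesn't work
              # (https://github.com/cockroachdb/cockroach/issues/9625).
              CRARGS+=("--join" "cockroachdb-public")
            fi
            # Quote the array expansion so every argument stays a single word.
            exec /cockroach/cockroach "${CRARGS[@]}"
      # No pre-stop hook is required, a SIGTERM plus some time is all that's
      # needed for graceful shutdown of a node.
      terminationGracePeriodSeconds: 60
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: datadir
  volumeClaimTemplates:
  - metadata:
      name: datadir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes:
        - "ReadWriteOnce"
      resources:
        requests:
          storage: 1Gi

--------------------------------------------------------------------------------
/k02_advanced_kubernetes/M04/4.1/statefulset-example-cockroachdb.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  # This service is meant to be used by clients of the database. It exposes a ClusterIP that will
  # automatically load balance connections to the different database pods.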
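# cockroachdb-public is also the address nodes pass to --join in the StatefulSet command below.
  name: cockroachdb-public
  labels:
    app: cockroachdb
spec:
  ports:
  # The main port, served by gRPC, serves Postgres-flavor SQL, internode
  # traffic and the cli.
  - port: 26257
    targetPort: 26257
    name: grpc
  # The secondary port serves the UI as well as health and debug endpoints.
  - port: 8080
    targetPort: 8080
    name: http
  selector:
    app: cockroachdb
---
apiVersion: v1
kind: Service
metadata:
  # This service only exists to create DNS entries for each pod in the stateful
  # set such that they can resolve each other's IP addresses. It does not
  # create a load-balanced ClusterIP and should not be used directly by clients
  # in most circumstances.
  name: cockroachdb
  labels:
    app: cockroachdb
  annotations:
    # This is needed to make the peer-finder work properly and to help avoid
    # edge cases where instance 0 comes up after losing its data and needs to
    # decide whether it should create a new cluster or try to join an existing
    # one. If it creates a new cluster when it should have joined an existing
    # one, we'd end up with two separate clusters listening at the same service
    # endpoint, which would be very bad.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    # Enable automatic monitoring of all instances when Prometheus is running in the cluster.
    prometheus.io/scrape: "true"
    prometheus.io/path: "_status/vars"
    prometheus.io/port: "8080"
spec:
  ports:
  - port: 26257
    targetPort: 26257
    name: grpc
  - port: 8080
    targetPort: 8080
    name: http
  clusterIP: None
  selector:
    app: cockroachdb
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: cockroachdb-budget
  labels:
    app: cockroachdb
spec:
  selector:
    matchLabels:
      app: cockroachdb
  minAvailable: 67%
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: cockroachdb
spec:
  serviceName: "cockroachdb"
  replicas: 3
  template:
    metadata:
      labels:
        app: cockroachdb
      annotations:
        scheduler.alpha.kubernetes.io/affinity: >
            {
              "podAntiAffinity": {
                "preferredDuringSchedulingIgnoredDuringExecution": [{
                  "weight": 100,
                  "labelSelector": {
                    "matchExpressions": [{
                      "key": "app",
                      "operator": "In",
                      "values": ["cockroachdb"]
                    }]
                  },
                  "topologyKey": "kubernetes.io/hostname"
                }]
              }
            }
        # Init containers are run only once in the lifetime of a pod, before
        # it's started up for the first time. It has to exit successfully
        # before the pod's main containers are allowed to start.
        # This particular init container does a DNS lookup for other pods in
        # the set to help determine whether or not a cluster already exists.
        # If any other pods exist, it creates a file in the cockroach-data
        # directory to pass that information along to the primary container that
        # has to decide what command-line flags to use when starting CockroachDB.
        # This only matters when a pod's persistent volume is empty - if it has
        # data from a previous execution, that data will always be used.
        pod.alpha.kubernetes.io/init-containers: '[
            {
                "name": "bootstrap",
                "image": "cockroachdb/cockroach-k8s-init:0.1",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "-on-start=/on-start.sh",
                  "-service=cockroachdb"
                ],
                "env": [
                  {
                      "name": "POD_NAMESPACE",
                      "valueFrom": {
                          "fieldRef": {
                              "apiVersion": "v1",
                              "fieldPath": "metadata.namespace"
                          }
                      }
                   }
                ],
                "volumeMounts": [
                    {
                        "name": "datadir",
                        "mountPath": "/cockroach/cockroach-data"
                    }
                ]
            }
          ]'
    spec:
      containers:
      - name: cockroachdb
        # Runs the master branch. Not recommended for production, but since
        # CockroachDB is in Beta, you don't want to run it in production
        # anyway. See
        # https://hub.docker.com/r/cockroachdb/cockroach/tags/
        # if you prefer to run a beta release.
        # NOTE(review): no tag or digest is given, so this resolves to `latest`;
        # with imagePullPolicy IfNotPresent different nodes can keep different
        # builds. Pin a tag or digest for anything beyond a lab.
        image: cockroachdb/cockroach
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 26257
          name: grpc
        - containerPort: 8080
          name: http
        volumeMounts:
        - name: datadir
          mountPath: /cockroach/cockroach-data
        # NOTE(review): --insecure starts CockroachDB without TLS or
        # authentication, and --http-host 0.0.0.0 serves the UI/debug endpoints
        # on every pod interface. Lab use only; a real deployment needs secure
        # mode with certificates and a NetworkPolicy limiting who can reach
        # ports 26257 and 8080.
        command:
          - "/bin/bash"
          - "-ecx"
          - |
            # The use of qualified `hostname -f` is crucial:
            # Other nodes aren't able to look up the unqualified hostname.
            CRARGS=("start" "--logtostderr" "--insecure" "--host" "$(hostname -f)" "--http-host" "0.0.0.0")
            # We only want to initialize a new cluster (by omitting the join flag)
            # if we're sure that we're the first node (i.e. index 0) and that
            # there aren't any other nodes running as part of the cluster that
            # this is supposed to be a part of (which indicates that a cluster
            # already exists and we should make sure not to create a new one).
            # It's fine to run without --join on a restart if there aren't any
            # other nodes.
            if [ ! "$(hostname)" == "cockroachdb-0" ] || \
               [ -e "/cockroach/cockroach-data/cluster_exists_marker" ]
            then
              # We don't join cockroachdb in order to avoid a node attempting
              # to join itself, which currently doesn't work
              # (https://github.com/cockroachdb/cockroach/issues/9625).
              CRARGS+=("--join" "cockroachdb-public")
            fi
            # Quote the array expansion so every argument stays a single word.
            exec /cockroach/cockroach "${CRARGS[@]}"
      # No pre-stop hook is required, a SIGTERM plus some time is all that's
      # needed for graceful shutdown of a node.
      terminationGracePeriodSeconds: 60
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: datadir
  volumeClaimTemplates:
  - metadata:
      name: datadir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes:
        - "ReadWriteOnce"
      resources:
        requests:
          storage: 1Gi

--------------------------------------------------------------------------------
/k02_advanced_kubernetes/M06_advanced_troubleshooting/example8.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  # This service is meant to be used by clients of the database. It exposes a ClusterIP that will
  # automatically load balance connections to the different database pods.
  name: cockroachdb-public
  labels:
    app: cockroachdb
spec:
  ports:
  # The main port, served by gRPC, serves Postgres-flavor SQL, internode
  # traffic and the cli.
  - port: 26257
    targetPort: 26257
    name: grpc
  # The secondary port serves the UI as well as health and debug endpoints.
  - port: 8080
    targetPort: 8080
    name: http
  selector:
    app: cockroachdb
---
apiVersion: v1
kind: Service
metadata:
  # This service only exists to create DNS entries for each pod in the stateful
  # set such that they can resolve each other's IP addresses. It does not
  # create a load-balanced ClusterIP and should not be used directly by clients
  # in most circumstances.
  name: cockroachdb
  labels:
    app: cockroachdb
  annotations:
    # This is needed to make the peer-finder work properly and to help avoid
    # edge cases where instance 0 comes up after losing its data and needs to
    # decide whether it should create a new cluster or try to join an existing
    # one. If it creates a new cluster when it should have joined an existing
    # one, we'd end up with two separate clusters listening at the same service
    # endpoint, which would be very bad.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    # Enable automatic monitoring of all instances when Prometheus is running in the cluster.
    prometheus.io/scrape: "true"
    prometheus.io/path: "_status/vars"
    prometheus.io/port: "8080"
spec:
  ports:
  - port: 26257
    targetPort: 26257
    name: grpc
  - port: 8080
    targetPort: 8080
    name: http
  clusterIP: None
  selector:
    app: cockroachdb
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: cockroachdb-budget
  labels:
    app: cockroachdb
spec:
  selector:
    matchLabels:
      app: cockroachdb
  minAvailable: 67%
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: cockroachdb
spec:
  serviceName: "cockroachdb"
  replicas: 3
  template:
    metadata:
      labels:
        app: cockroachdb
      annotations:
        scheduler.alpha.kubernetes.io/affinity: >
            {
              "podAntiAffinity": {
                "preferredDuringSchedulingIgnoredDuringExecution": [{
                  "weight": 100,
                  "labelSelector": {
                    "matchExpressions": [{
                      "key": "app",
                      "operator": "In",
                      "values": ["cockroachdb"]
                    }]
                  },
                  "topologyKey": "kubernetes.io/hostname"
                }]
              }
            }
        # Init containers are run only once in the lifetime of a pod, before
        # it's started up for the first time. It has to exit successfully
        # before the pod's main containers are allowed to start.
        # This particular init container does a DNS lookup for other pods in
        # the set to help determine whether or not a cluster already exists.
        # If any other pods exist, it creates a file in the cockroach-data
        # directory to pass that information along to the primary container that
        # has to decide what command-line flags to use when starting CockroachDB.
        # This only matters when a pod's persistent volume is empty - if it has
        # data from a previous execution, that data will always be used.
        pod.alpha.kubernetes.io/init-containers: '[
            {
                "name": "bootstrap",
                "image": "cockroachdb/cockroach-k8s-init:0.1",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "-on-start=/on-start.sh",
                  "-service=cockroachdb"
                ],
                "env": [
                  {
                      "name": "POD_NAMESPACE",
                      "valueFrom": {
                          "fieldRef": {
                              "apiVersion": "v1",
                              "fieldPath": "metadata.namespace"
                          }
                      }
                   }
                ],
                "volumeMounts": [
                    {
                        "name": "datadir",
                        "mountPath": "/cockroach/cockroach-data"
                    }
                ]
            }
          ]'
    spec:
      containers:
      - name: cockroachdb
        # Runs the master branch. Not recommended for production, but since
        # CockroachDB is in Beta, you don't want to run it in production
        # anyway. See
        # https://hub.docker.com/r/cockroachdb/cockroach/tags/
        # if you prefer to run a beta release.
        # NOTE(review): no tag or digest is given, so this resolves to `latest`;
        # with imagePullPolicy IfNotPresent different nodes can keep different
        # builds. Pin a tag or digest for anything beyond a lab.
        image: cockroachdb/cockroach
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 26257
          name: grpc
        - containerPort: 8080
          name: http
        volumeMounts:
        - name: datadir
          mountPath: /cockroach/cockroach-data
        # NOTE(review): --insecure starts CockroachDB without TLS or
        # authentication, and --http-host 0.0.0.0 serves the UI/debug endpoints
        # on every pod interface. Lab use only; a real deployment needs secure
        # mode with certificates and a NetworkPolicy limiting who can reach
        # ports 26257 and 8080.
        command:
          - "/bin/bash"
          - "-ecx"
          - |
            # The use of qualified `hostname -f` is crucial:
            # Other nodes aren't able to look up the unqualified hostname.
            CRARGS=("start" "--logtostderr" "--insecure" "--host" "$(hostname -f)" "--http-host" "0.0.0.0")
            # We only want to initialize a new cluster (by omitting the join flag)
            # if we're sure that we're the first node (i.e. index 0) and that
            # there aren't any other nodes running as part of the cluster that
            # this is supposed to be a part of (which indicates that a cluster
            # already exists and we should make sure not to create a new one).
            # It's fine to run without --join on a restart if there aren't any
            # other nodes.
            if [ ! "$(hostname)" == "cockroachdb-0" ] || \
               [ -e "/cockroach/cockroach-data/cluster_exists_marker" ]
            then
              # We don't join cockroachdb in order to avoid a node attempting
              # to join itself, which currently doesn't work
              # (https://github.com/cockroachdb/cockroach/issues/9625).
              CRARGS+=("--join" "cockroachdb-public")
            fi
            # Quote the array expansion so every argument stays a single word.
            exec /cockroach/cockroach "${CRARGS[@]}"
      # No pre-stop hook is required, a SIGTERM plus some time is all that's
      # needed for graceful shutdown of a node.
      terminationGracePeriodSeconds: 60
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: datadir
  volumeClaimTemplates:
  - metadata:
      name: datadir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes:
        - "ReadWriteOnce"
      resources:
        requests:
          storage: 1Gi

--------------------------------------------------------------------------------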